Verso – Complaint about direct marketing

August 2016

Please note that the Commission investigates complaints against DMA members involving breaches of the DMA Code. Any adjudication is based solely on compliance with the DMA Code and it does not, and cannot make comment on the lawfulness or not of the members’ actions.

This case centred on the supply of data of over 2 million consumer records to be used for an SMS marketing campaign. The texts sent promoted an opportunity to place bets with a gambling company. The complainant had received two unwanted text messages to this effect over the Xmas period. The complainant was certain that he had not consented to receive the messages and had uncovered a lengthy supply chain over which his data was passed and which involved three DMA members. The messages the complainant received were mis-matched to an incorrect Christian name.

In considering cases where there is some form of value chain and where the member is using suppliers for a service to provide opted-in data to an explicit channel and sector, the Commission looks for assurance that sufficient due diligence is undertaken to show that supplier arrangements are compliant. Given the high volume of records required for this order, the ‘sensitive’ nature of gambling and the requirements for the provision of clearly opted-in data, each member in the supply chain had a responsibility to undertake adequate controls and checks.

Verso Group had sourced the data from Evolution DM and sent it on to Digitonic which was to broadcast the data for the text campaign.

The Commission did not believe that Verso managed these contracts responsibly. During the time of the data order, Verso had come to the conclusion that it was not equipped to meet the data requirements from its own telephone survey and chose to out-source the data procurement. Verso could not produce any evidence to satisfy the Commission that it communicated the changed circumstance to its client, Digitonic. It is not evident that Verso undertook the due diligence necessary to satisfy itself that its data supplier had the necessary consents for the data provided. The Commission also saw evidence of operational failings in the preparation and supply of the data, specifically a failure to correctly align names to the mobile numbers used in the campaign.

The Commission was not satisfied by the responses from Verso to its enquiries and the breaches raised and they saw a lack of willingness to accept corporate responsibility for events.

The Commission welcomed the assurance that Verso are to undertake remedial actions in terms of training staff to ensure there is a member of staff available to make these checks in future, but believed there was a need to test the adequacy of arrangements

Outcome

The Commission found Verso to be in breach of Rules 3.11, 4.1 and 4.3 below.

The Commission formally strongly reminded Verso of its obligations under the DMA Code.

The Commission has shared its findings with the DMA and asked it to use planned new audit arrangements with member companies to satisfy itself that Verso have the processes and sampling and other checks necessary to act as a data broker and lead generation provider.

3.11 When buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned.

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.

4.3 Members must accept that in the context of this Code they are normally responsible for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, one-to-one marketing suppliers and others.